Campcodes Recruitment Management System Local File Inclusion Vulnerability

A local file inclusion vulnerability has been identified in Campcodes Recruitment Management System version 1.0. The issue resides in the '/admin/index.php' file, where the 'page' parameter is not properly validated, allowing remote attackers to include arbitrary local files. This vulnerability requires authentication to exploit.

Impact

Exploitation of this vulnerability allows for local file inclusion, which could be used to execute malicious code or access sensitive information on the server.

Reproduction

To reproduce this vulnerability, log into the application with valid credentials (username: admin, password: admin123). Once logged in, send a GET request to '/admin/index.php' with the 'page' parameter set to a path of a local file on the server. The server will include the specified file, potentially leading to code execution or disclosure of sensitive data.